Sep 11th, 2008

I have configured Remote access VPN on an ASA5510. VPN clients are able to connect to the internal network and they can ping local LAN computers, but I am not able to assign the DNS address of the local subnet to the VPN clients. Please suggest what needs to be configured on the ASA.

Correct Answer
acomiskey Thu, 09/11/2008 - 12:30

group-policy internal

group-policy attributes

dns-server value

I did this setting and when my users connect to the VPN, ipconfig /all shows the DNS servers, and they can do an nslookup and the DNS returns the correct value. But when they try to ping or browse to the destination by name, this fails.

It was working for about an hour and then just stopped working. I have this in my config.

group-policy default internal

group-policy default attributes

wins-server value

dns-server value

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value default_splitTunnelAcl

default-domain value

Yeah, I can ping by IP to all the networks. I added the line. Split-DNS

I think it takes a few minutes for the DNS to start working to the client. I can't ping within the first minute of connecting, but if I stay connected long enough it seems to work. (sometimes)

Ever heard of this issue?

pranuvpandit Fri, 10/10/2008 - 10:54

Is this problem being faced by the VPN users only, or by everybody on the local LAN?

pranuvpandit Fri, 10/10/2008 - 11:19

The DNS server is able to resolve the name, right? But after that it is not pinging that particular IP!

Are LAN users accessing the internet through the firewall? If yes, share the commands you configured for NAT or PAT.


pranuvpandit Mon, 10/13/2008 - 09:29

You are not using any NAT id for the given subnets. And which statements are you using for providing internet connectivity? These statements are for Nat_exemption, I assume.

Secondly, is your DNS server resolving the DNS names to IP addresses for VPN users?

The NAT statements let the traffic to the internal and DMZ networks and to the Internet on PAT. Then I have route statements for the VPN network that route it too.

All of the routing works fine. The VPN users can do an nslookup and the DNS server responds, but when doing a ping by name there is no response. Again, by IP to these same computers ping works fine.

Not sure what the issue is.
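
Added example, not part of any participant's post: the accepted answer's group-policy commands written out in full, together with the split-tunnel attributes from the follow-up configuration. The policy, ACL and tunnel-group names, the addresses and the domain are constructed placeholders, not values from this thread.

```cisco
! Constructed example: every name, address and domain is a placeholder.
!
! Networks sent through the tunnel when split tunneling is on.
! The DNS servers pushed below must fall inside this list, otherwise
! the client has no tunnel route to them.
access-list EXAMPLE_SPLIT_ACL standard permit 10.0.0.0 255.255.255.0
!
group-policy EXAMPLE_RA_POLICY internal
group-policy EXAMPLE_RA_POLICY attributes
 ! DNS and WINS servers handed to the client at connect time
 dns-server value 10.0.0.10 10.0.0.11
 wins-server value 10.0.0.10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EXAMPLE_SPLIT_ACL
 ! Suffix the client appends to unqualified host names
 default-domain value corp.example.com
 ! Domains whose lookups go to the DNS servers above
 split-dns value corp.example.com
!
! A group policy only applies to connections that reference it.
! Assumes a remote-access tunnel group EXAMPLE_RA_TG already exists.
tunnel-group EXAMPLE_RA_TG general-attributes
 default-group-policy EXAMPLE_RA_POLICY
```

`show running-config group-policy EXAMPLE_RA_POLICY` on the ASA shows what is configured, and `ipconfig /all` on a connected client shows what was actually pushed.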

